113
edits
Services/Sync/P2P Key Exchange And Rotation: Difference between revisions
Services/Sync/P2P Key Exchange And Rotation (view source)
Revision as of 00:46, 18 December 2015
, 18 December 2015Minor edits
(Minor edits) |
(Minor edits) |
||
| Line 231: | Line 231: | ||
<ol start="0"> | <ol start="0"> | ||
<li>Each client publishes an identity key (AI, BI) and a set of ephemeral key digests (AE{1..n}, BE{1..n}d)</li> | <li>Each client publishes an identity key (AI, BI) and a set of ephemeral key digests (AE{1..n}, BE{1..n}d)</li> | ||
<li>Client A | <li>Client A: Generates a new ephemeral key (AEp) and sends a message to Client B nominating one of client B's ephemeral key digests (BEd).</li> | ||
<li>Client B | <li>Client B: Using 3DHE and a KDF generates the session key (SK) then sends message including own ephemeral key (BEp) matching digest (BEd). Client A can now also generate the shared secret (SK) and hence the message body can be encrypted immediately. | ||
</ol> | </ol> | ||
| Line 250: | Line 249: | ||
AEs AEp, BEp BEs | AEs AEp, BEp BEs | ||
SK = KDF(3DHE(AIs, AEs, BIp, BEp)) BEd SK = KDF(3DHE(BIs, BEs, AIp, AEp) | SK = KDF(3DHE(AIs, AEs, BIp, BEp)) BEd SK = KDF(3DHE(BIs, BEs, AIp, AEp) | ||
CT PT = <message> | |||
PT = DECRYPT(CT, SK) CT = ENCRYPT(PT, SK) | |||
</pre> | </pre> | ||